Traditional network-based and client-based security tools, such as signature-based anti-virus, spam gateways, and firewalls, fail to adequately address sophisticated, socially engineered, and targeted malware attacks. Zero-day exploits and obfuscated or polymorphic malcode are often bundled into well-crafted emails, documents, and websites designed to appear legitimate. Once opened, the malicious code exploits a vulnerability in the target's operating system or applications and opens a back channel into the private network.
As a result, these attacks have proven very effective at eroding the security perimeter of many high-value networks, such as those of government agencies, defense contractors, and the banking industry. With the average user receiving hundreds of emails per day, large organizations need a solution that can meet the performance demands and the unique configuration of their environment.
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network traffic and/or system activities for malicious activity. Their main functions are to identify malicious activity and to block or stop it. Unlike a passive intrusion detection system, which only reports what it observes on a copy of the traffic, an IPS is placed in-line with the traffic it inspects and can therefore actively prevent or block the intrusions it detects.
Cybercriminals are now employing “best practices” such as email content personalization and brand impersonation: they include public information to make the email so compelling that nearly anyone would open the attachment or click the link. As a result, it is becoming more difficult to tell legitimate emails from those seeking to infect systems and steal personal and corporate data. Today, mail transfer agents (MTAs), anti-virus vendors, and similar products either perform only minimally invasive analysis so that they can release email quickly, or they analyze a copy of the message in non-real-time, after the original has already been forwarded.
To prevent an intrusion rather than merely detect it after the fact, the malicious message must be stopped before it reaches the recipient, which requires interrupting email delivery until analysis is complete. However, no prior attempts have been made that specifically delay messages as part of a malware detection system operating in IPS mode.
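To make the ordering of analysis and delivery concrete, the following is an added Python example, not code from the original page and not the detection method it describes. It runs the same constructed messages through the three orderings discussed above: minimally invasive checks followed by immediate release, full analysis of a copy after the original has already been forwarded, and an in-line hold that forwards only after the verdict. The attachment-name and link-mismatch heuristics, the sample messages, and the domains are all constructed for illustration only.

```python
"""Model of the three analysis/delivery orderings discussed above.

quick-release : minimally invasive checks only, then the message is forwarded at once.
copy-async    : the original is forwarded at once; full analysis runs on a copy afterwards.
inline-hold   : delivery is held until full analysis completes; only clean mail is released.

All checks and sample messages are constructed for illustration; they are not the
page's own detection method.
"""
from dataclasses import dataclass, field
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".docm", ".xlsm")  # constructed list
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)


def registrable(host: str) -> str:
    """Crude 'last two labels' comparison key (assumption: no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def quick_checks(msg: EmailMessage) -> list[str]:
    """Cheap checks an MTA can afford before releasing mail: attachment file names only."""
    findings = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            name = part.get_filename() or ""
            if name.lower().endswith(RISKY_EXTENSIONS):
                findings.append(f"risky attachment name: {name}")
    return findings


def deep_checks(msg: EmailMessage) -> list[str]:
    """Slower content analysis: brand-impersonating links whose visible text names
    one domain while the href points at another."""
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href, text in ANCHOR_RE.findall(part.get_content()):
            href_host = urlparse(href).hostname or ""
            shown = HOST_RE.search(re.sub(r"<[^>]+>", "", text))
            if shown and registrable(shown.group(0)) != registrable(href_host):
                findings.append(f"link text shows {shown.group(0)} but href goes to {href_host}")
    return findings


@dataclass
class Outcome:
    mode: str
    delivered: bool  # did the original message reach the next hop?
    findings: list = field(default_factory=list)


def process(raw: bytes, mode: str) -> Outcome:
    """Run one message through the chosen ordering of analysis and delivery."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if mode == "quick-release":
        findings = quick_checks(msg)  # deep analysis is skipped to release mail quickly
        return Outcome(mode, delivered=not findings, findings=findings)
    if mode == "copy-async":
        findings = quick_checks(msg) + deep_checks(msg)
        return Outcome(mode, delivered=True, findings=findings)  # verdict arrives after delivery
    if mode == "inline-hold":
        findings = quick_checks(msg) + deep_checks(msg)  # the message waits for the verdict
        return Outcome(mode, delivered=not findings, findings=findings)
    raise ValueError(f"unknown mode {mode!r}")


def compare(raw: bytes) -> dict[str, bool]:
    """Delivery decision per mode for the same message."""
    return {m: process(raw, m).delivered for m in ("quick-release", "copy-async", "inline-hold")}


# Constructed sample messages (not real captures); the domains are placeholders.
LURE = b"""From: "Acme Bank Security" <alerts@acme-bank.example>
To: user@corp.example
Subject: Unusual sign-in detected
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please confirm your account at
<a href="http://login-acme-bank.example.net/verify">https://www.acme-bank.example/verify</a></p></body></html>
"""

CLEAN = b"""From: colleague@corp.example
To: user@corp.example
Subject: Lunch
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""


def build_attachment_lure() -> bytes:
    """Message with a macro-enabled attachment name, caught even by the quick checks."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "ap@vendor.example", "user@corp.example", "Invoice"
    m.set_content("Please review the attached invoice.")
    m.add_attachment(b"not a real document", maintype="application",
                     subtype="vnd.ms-word.document.macroenabled.12", filename="invoice.docm")
    return m.as_bytes()


if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("clean", CLEAN), ("attachment", build_attachment_lure())):
        print(label, compare(raw))
```

The point the model makes is about ordering, not about the quality of the checks: in copy-async mode the link mismatch is found, but the finding is only a detection, because the original has already been forwarded; only the inline-hold ordering turns the same finding into prevention, at the cost of holding every message for the duration of the deep checks.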